6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
0.001 Low
EPSS
Percentile
42.4%
next-auth v3 users before version 3.29.2 are impacted. next-auth version 4 users before version 4.3.2 are also impacted. Upgrading to 3.29.2 or 4.3.2 will patch this vulnerability. If you are not able to upgrade for any reason, you can add a configuration to your callbacks option. If you already have a redirect
callback, make sure that you match the incoming url
origin against the baseUrl
.
[
{
"product": "next-auth",
"vendor": "nextauthjs",
"versions": [
{
"status": "affected",
"version": "< 3.29.2, < 4.3.2"
}
]
}
]